This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
A Perl application hosted on the remote web server has a cross-site
The version of Movable Type running on the remote host has a cross-
site scripting vulnerability in 'mt-wizard.cgi'. Input to the
'set_static_uri_to' parameter is not sanitized. A remote attacker could
exploit this by tricking a user into submitting a specially crafted POST
request, which would execute arbitrary script code in the context of the
There is also reportedly a security bypass vulnerability in this version
of Movable Type, though Nessus has not checked for this issue.
See also :
Upgrade to Movable Type version 4.26 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true